Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Configuring a VPN
- Thread starter olmsteadf
- Start date
- Thread starter
- #3
I never really noticed if SoftRemote is the name of the SafeNet product or not that is bundled with WG's IPSec VPN solution, but I'll assume that it is. If you don't have the VPN Guide PDF that is available for download from WG's site, here is a slightly edited version for v6.x of the firmware.
Assuming the user you are defining will use the Firebox for authentication, follow the below steps:
From Policy Manager:
1. Select Network => Remote User. Click the Mobile User VPN tab. The Mobile User VPN information appears.
2. Select Firebox Authenticated Users. Click Add. Click Next. The Mobile User VPN Wizard - Firebox Authenticated User appears.
3. Enter a username and passphrase.
4. Enter a shared key for the account. Click Next. This key will be used to negotiate the encryption and/or authentication for the MUVPN tunnel.
5. Select whether you will use the shared key or a certificate for authentication. Click Next.
6. If you specified certificates, enter the configuration passphrase of your certificate authority. Click Next.
7. Specify the network resource to which this user will be allowed access. By default, the IP address of the Trusted network appears in the field marked Allow user access to.
8. If you plan to use a virtual adapter and route all of the remote user’s Internet traffic through the IPSec tunnel, enable the checkbox marked Use default gateway on remote network. NOTE If you want to grant access to more than one network or host, use the procedure in the next section after finishing this wizard.
9. Specify a virtual IP address for this mobile user. Click Next. This can either be an unused IP address on the network you specified in the previous step or on a false network you have created.
10. Select an authentication method and encryption method for this mobile user’s connections. Enter a key expiration time in kilobytes or hours. Authentication MD5-HMAC (128-bit algorithm) or SHA1-HMAC (160-bit algorithm) Encryption None (no encryption), DES-CBC (56-bit), or 3DES-CBC (168-bit)
11. Click Next. Click Finish.
The wizard closes and the username appears on the Mobile User VPN tab. If you expand the plus signs (+) next to the entries, you can view the information.
Assuming the user you are defining will use the Firebox for authentication, follow the below steps:
From Policy Manager:
1. Select Network => Remote User. Click the Mobile User VPN tab. The Mobile User VPN information appears.
2. Select Firebox Authenticated Users. Click Add. Click Next. The Mobile User VPN Wizard - Firebox Authenticated User appears.
3. Enter a username and passphrase.
4. Enter a shared key for the account. Click Next. This key will be used to negotiate the encryption and/or authentication for the MUVPN tunnel.
5. Select whether you will use the shared key or a certificate for authentication. Click Next.
6. If you specified certificates, enter the configuration passphrase of your certificate authority. Click Next.
7. Specify the network resource to which this user will be allowed access. By default, the IP address of the Trusted network appears in the field marked Allow user access to.
8. If you plan to use a virtual adapter and route all of the remote user’s Internet traffic through the IPSec tunnel, enable the checkbox marked Use default gateway on remote network. NOTE If you want to grant access to more than one network or host, use the procedure in the next section after finishing this wizard.
9. Specify a virtual IP address for this mobile user. Click Next. This can either be an unused IP address on the network you specified in the previous step or on a false network you have created.
10. Select an authentication method and encryption method for this mobile user’s connections. Enter a key expiration time in kilobytes or hours. Authentication MD5-HMAC (128-bit algorithm) or SHA1-HMAC (160-bit algorithm) Encryption None (no encryption), DES-CBC (56-bit), or 3DES-CBC (168-bit)
11. Click Next. Click Finish.
The wizard closes and the username appears on the Mobile User VPN tab. If you expand the plus signs (+) next to the entries, you can view the information.
- Thread starter
- #5
Make sure that you have made the user a member of the preconfigured group, ipsec_users. Also that you have added this group to the Any service in Policy Manager.
Incoming:
From: ipsec_users
To: Trusted
Outgoing
From: Trusted
To: ipsec_users
That covers the basics, the actual error log records would be handy though. I am guessing it may be an issue with the ISP. Is the client connecting over a VPN? Some ISP's will block IPSec (UDP Port 500 and IP protocols 50 and 51).
Incoming:
From: ipsec_users
To: Trusted
Outgoing
From: Trusted
To: ipsec_users
That covers the basics, the actual error log records would be handy though. I am guessing it may be an issue with the ISP. Is the client connecting over a VPN? Some ISP's will block IPSec (UDP Port 500 and IP protocols 50 and 51).
- Status
Similar threads
- Locked
- Question
- Locked
- Question
- Locked
- Question